Source: Evil Octal Information Security Team (http://www.eviloctal.com/)
Book description:
(English) Routers direct and control much of the data flowing across computer networks. This guide provides technical guidance intended to help network administrators and security officers improve the security of their networks. Using the information presented here, you can configure your routers to control access, resist attacks, shield other network components, and even protect the integrity and confidentiality of network traffic.
This guide was developed in response to numerous questions and requests for assistance received by the NSA System and Network Attack Center (SNAC). The topics covered in the guide were selected on the basis of customer interest, community consensus, and the SNAC’s background in securing networks.
The goal for this guide is a simple one: improve the security provided by routers on US Government operational networks.
Table of Contents
1. Introduction
1.1. The Roles of Routers in Modern Networks
1.2. Motivations for Providing Router Security Guidance
1.3. Typographic and Diagrammatic Conventions Used in this Guide
1.4. Structural Overview
2. Background and Review
2.1. Review of TCP/IP Networking
2.2. TCP/IP and the OSI Model
2.3. Review of IP Routing and IP Architectures
2.4. Basic Router Functional Architecture
2.5. Review of Router-Relevant Protocols and Layers
2.6. Quick “Review” of Attacks on Routers
2.7. References
3. Router Security Principles and Goals
3.1. Protecting the Router Itself
3.2. Protecting the Network with the Router
3.3. Managing the Router
3.4. Security Policy for Routers
3.5. References
4. Implementing Security on Cisco Routers
4.1. Router Access Security
4.2. Router Network Service Security
4.3. Access Control Lists, Filtering, and Rate Limiting
4.4. Routing and Routing Protocols
4.5. Audit and Management
4.6. Security for Router Network Access Services
4.7. Collected References
5. Advanced Security Services
5.1. Role of the Router in Inter-Network Security
5.2. IP Network Security
5.3. Using SSH for Remote Administration Security
5.4. Using a Cisco Router as a Firewall
5.5. Cisco IOS Intrusion Detection
5.6. References
6. Testing and Security Validation
6.1. Principles for Router Security Testing
6.2. Testing Tools
6.3. Testing and Security Analysis Techniques
6.4. Using the Router Audit Tool
6.5. References
7. Additional Issues in Router Security
7.1. Routing and Switching
7.2. ATM and IP Routing
7.3. Multi-Protocol Label Switching (MPLS)
7.4. IPSec and Dynamic Virtual Private Networks
7.5. Tunneling Protocols and Virtual Network Applications
7.6. IP Quality of Service (QoS) and RSVP
7.7. Secure DNS
7.8. References
8. Appendices
8.1. Top Ways to Quickly Improve the Security of a Cisco Router
8.2. Application to Ethernet Switches and Related Non-Router Network Hardware
8.3. Overview of Cisco IOS Versions and Releases
8.4. Glossary of Router Security-related Terms
9. Additional Resources
9.1. Bibliography
9.2. Web Site References
9.3. Tool References
Index